CrapBook

Using FontBook must be what it’s like for you all to use Windows all the time; it does things I don’t understand, doesn’t respond the way I expect it to, and is a pain in the ass to use. And yet I keep going back.

DroolPort Express

Holy hell.

Featuring AirTunes for playing your iTunes music wirelessly on your home stereo or powered speakers, AirPort Express brings not only the Internet but your music to wherever in your home you like to enjoy them most — whether you use a Mac or Windows PC. Unmatched in its ease of use, it delivers data rates up to 54 megabits per second, fits in the palm of your hand so you can take it wherever you go — and it costs just $129.

Feed them death

From “Let Them Eat War” on Bad Religion’s new album, The Enemy Strikes First:

from the force to the union shops
the war economy is making new jobs
but the people who benefit most
are breaking bread with their benevolent hosts
you never stole from the rich to give to the poor
all they ever gave to them was a war
and a foreign enemy to deplore
we’ve got to kill ’em in the end
before they reach for their checks
squeeze some blue collars
let them bleed from their necks
seize a few dollars from the people who sweat
cause it’s freedom or death and they won’t question it

Randomata

Some interesting things:

This guy doesn’t know what he’s talking about, and I can’t wait until John Gruber responds, although it’s so cliché that he probably won’t.

Preview of the new mature-style Zelda game due out next year.

Totally boss Gran Turismo 4 video

Not related to cool video or Macs: 5 of the 6 latest comp presentations here at Spiremedia have resulted in the client picking my design, including local furniture store The Furniture Room (which is cooler than it sounds, and that links to the current site, which, obviously, is not my design). So yay for me.

Actual OSX Hole

As you’ve no doubt heard by now, there’s a real, actual MacOS X vulnerability in the news. And this time it ain’t no proof-of-concept. A rundown of the issue:

  1. Safari allows you to automagically download and open/run/execute files that Safari considers “safe.” These include PDFs, Disc-Images (.dmg files), Stuffit files, etc.
  2. The Apple Help viewer application is scriptable via AppleScript.
  3. There’s a nifty protocol built into MacOS X named “help:” that allows apps or websites to open specific help files when needed.
  4. AppleScripts can execute shell scripts (but Help’s URL scriptability is limited to commands without spaces – not sure if URL-encoded spaces work in place, my guess is not)
  5. Since Help allows scripts residing on your hard drive to be run via a specific URL handler (god knows why), a website can automatically run a shell script or other malicious AppleScript via Safari’s cozy relationship with Help using a “help:runscript=Path/To/An/AppleScript.scpt%20string=’Bad-Shit-Goes-Here” href or JavaScript auto-relocate.
  6. Since Safari can auto-mount disc-images, a website could have you download a DMG that contains a malicious script, auto-mount it, then send you to a page containing a refresh to the “help:” handler that uses Help to execute the script you just downloaded. Whew.
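As an added, defender-side example (not from this post, Apple or MacOSXHints), here is a Python scan that picks the “help:” links and meta-refresh redirects described in the rundown out of a saved page or proxy capture and flags the ones carrying a runscript= parameter; the sample HTML, the script paths and the assumption that Help separates parameters on `?`, `&` or whitespace are all constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample page; paths and hostnames are placeholders, not real sites.
SAMPLE_HTML = """
<html><body>
<a href="https://example.invalid/about">About</a>
<a href="help:anchor=Getting%20Started">Mac Help</a>
<meta http-equiv="refresh"
      content="0;url=HELP:runscript=/Volumes/Demo/demo.scpt%20string=placeholder">
<a href="help:%72unscript=Path/To/Script.scpt">click</a>
</body></html>
"""

# Where a page can send Safari to a URL: plain links and meta-refresh redirects.
HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.I)
REFRESH_RE = re.compile(r"""content\s*=\s*["']\s*\d+\s*;\s*url\s*=\s*([^"']+)["']""", re.I)
# Scheme grammar from RFC 3986; schemes compare case-insensitively.
SCHEME_RE = re.compile(r"\s*([a-z][a-z0-9+.-]*):(.*)", re.I | re.S)


def classify_help_url(url):
    """Return 'none', 'help' (ordinary help: URL) or 'help-runscript'."""
    m = SCHEME_RE.match(url)
    if not m or m.group(1).lower() != "help":
        return "none"
    # Percent-decode before matching so 'help:%72unscript=' is not missed.
    rest = unquote(m.group(2))
    # Assumed separators between Help parameters: '?', '&' or whitespace.
    if re.search(r"(^|[?&\s])runscript\s*=", rest, re.I):
        return "help-runscript"
    return "help"


def find_help_urls(html):
    """Return [(source, url, verdict)] for every help: URL found in the page."""
    found = []
    for regex, source in ((HREF_RE, "href"), (REFRESH_RE, "meta-refresh")):
        for url in regex.findall(html):
            verdict = classify_help_url(url)
            if verdict != "none":
                found.append((source, url, verdict))
    return found


if __name__ == "__main__":
    for source, url, verdict in find_help_urls(SAMPLE_HTML):
        print(f"{verdict:15} {source:13} {url}")
```

Only the runscript hits are worth alerting on; “help:anchor=…” links are how Apple’s own applications open a help page, so they appear on legitimate pages too.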

The fix? Download MoreInternet 1.1.1, install it, and set the handler for “help” to Chess or TextEdit, apps that won’t execute scripts automatically via the help protocol. More info available at MacOSXHints.

Apple really dropped the ball on this one. I mean come on, scripts that can be executed when they’re part of a URL? Christ.

Here’s an example of one that lists a directory’s contents. As said above, they can be made to do much more.

UPDATE: Phil says if you’re clicking random links you deserve it.

Back at Spiremedia

The fish has changed and so has the pond, but as of (most likely) May 17th, 2004, I’m back at Spiremedia. Say yay for health insurance.